이 문서는 프로젝트 삭제에 대한 보호 기능을 추가하려는 프로젝트 소유자 및 조직 관리자를 대상으로 합니다.
프로젝트에 선취권을 적용하여 선취권을 삭제할 때까지 프로젝트 삭제를 차단할 수 있습니다. 이는 특히 중요한 프로젝트를 보호하는 데 유용합니다.
또한 프로젝트에 자동으로 선취권을 적용할 수 있습니다. 예를 들어 한 프로젝트의 Identity and Access Management(IAM) 서비스 계정을 다른 프로젝트의 리소스에 연결되도록 허용하면 서비스 계정이 있는 프로젝트에 선취권이 적용됩니다.
시작하기 전에
gcloud CLI는 프로젝트 선취권과 상호작용하는 가장 간편한 방법입니다. 설치되지 않은 경우 Google Cloud Shell을 사용할 수 있습니다.
필요한 역할
선취권을 수정하는 데 필요한 권한을 얻으려면 관리자에게 프로젝트에 대한 프로젝트 선취권 한정자(roles/resourcemanager.lienModifier) IAM 역할을 부여해 달라고 요청하세요.
역할 부여에 대한 자세한 내용은 프로젝트, 폴더, 조직에 대한 액세스 관리를 참조하세요.
이 사전 정의된 역할에는 선취권을 수정하는 데 필요한 권한이 포함되어 있습니다. 필요한 정확한 권한을 보려면 필수 권한 섹션을 펼치세요.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-01-09(UTC)"],[],[],null,["# Protecting projects with liens\n\nThis document is for [Project owners](/resource-manager/docs/access-control-proj#permissions_and_roles)\nand [Organization administrators](/resource-manager/docs/access-control-org#permissions_and_roles)\nlooking to add protections against project deletion.\n\nYou can place a lien upon a project to block the project's deletion until you\nremove the lien. This can be useful to protect projects of particular\nimportance.\n\nLiens can also be placed upon a project automatically. For example, if you allow\nIdentity and Access Management (IAM) service accounts from one project to be\n[attached to resources in other projects](/iam/docs/attach-service-accounts#attaching-different-project),\na lien is placed upon the project where the service accounts are located.\n\nBefore you begin\n----------------\n\nThe gcloud CLI is the easiest way to interact with project\nliens. If you don't have it installed, you can use\n[Google Cloud Shell](/shell/docs).\n\n### Required roles\n\n\nTo get the permissions that\nyou need to modify liens,\n\nask your administrator to grant you the\n\n\n[Project lien modifier](/iam/docs/roles-permissions/resourcemanager#resourcemanager.lienModifier) (`roles/resourcemanager.lienModifier`)\nIAM role on projects.\n\n\nFor more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\nThis predefined role contains\n\nthe permissions required to modify liens. To see the exact permissions that are\nrequired, expand the **Required permissions** section:\n\n\n#### Required permissions\n\nThe following permissions are required to modify liens:\n\n- ` resourcemanager.projects.updateLiens`\n- List liens on a project: ` resourcemanager.projects.get`\n\n\nYou might also be able to get\nthese permissions\nwith [custom roles](/iam/docs/creating-custom-roles) or\nother [predefined roles](/iam/docs/roles-overview#predefined).\n\nPlacing a lien on a project\n---------------------------\n\nTo place a lien on a project, use the `alpha resource-manager liens create`\ncommand. \n\n```bash\ngcloud alpha resource-manager liens create \\\n --project=PROJECT_ID \\\n --restrictions=PERMISSION_RESTRICTION \\\n --reason=LIEN_REASON \\\n --origin=LIEN_ORIGIN\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: ID of the project the lien applies to.\n- \u003cvar translate=\"no\"\u003ePERMISSION_RESTRICTION\u003c/var\u003e: Comma-separated list of IAM permissions to block. The only valid restriction for a project is `resourcemanager.projects.delete`.\n- \u003cvar translate=\"no\"\u003eLIEN_REASON\u003c/var\u003e: Human-readable description of why this lien exists. Put this description within double quotation marks. Example: `\"This project is protected by a lien\"`.\n- \u003cvar translate=\"no\"\u003eLIEN_ORIGIN\u003c/var\u003e: String denoting the user or system which originated the lien. It is a required field, but is automatically populated with the user's email address if omitted.\n\nListing liens on a project\n--------------------------\n\nTo list all liens applied to a project, use the\n`alpha resource-manager liens list` command. \n\n gcloud alpha resource-manager liens list\n\nThe output is similar to the following: \n\n gcloud alpha resource-manager liens list\n NAME ORIGIN REASON\n p1061081023732-l3d8032b3-ea2c-4683-ad48-5ca23ddd00e7 user@example.com testing\n\nRemoving liens from a project\n-----------------------------\n\nTo remove a lien from a project, use the\n`alpha resource-manager liens delete` command. \n\n```bash\ngcloud alpha resource-manager liens delete LIEN_NAME\n```\n\nReplace \u003cvar translate=\"no\"\u003eLIEN_NAME\u003c/var\u003e with the name of the lien to be deleted,\nsuch as `p1061081023732-l3d8032b3-ea2c-4683-ad48-5ca23ddd00e7`.\n\nReferences\n----------\n\nAPI Reference: [REST Resource: liens](https://cloud.google.com/resource-manager/reference/rest/v1/liens)"]]